scapy.layers.dot11

Wireless LAN according to IEEE 802.11.

class scapy.layers.dot11.AKMSuite

Bases: scapy.packet.Packet

aliastypes

extract_padding(s)

fields_desc

AKMSuite fields

oui	X3BytesField	4012
suite	ByteEnumField	1

class scapy.layers.dot11.Dot11

Bases: scapy.packet.Packet

aliastypes

answers(other)

fields_desc

Dot11 fields

subtype	BitField (4 bits)	0
type	BitEnumField (2 bits)	0
proto	BitField (2 bits)	0
FCfield	FlagsField (8 bits)	<Flag 0 ()>
ID	ShortField	0
addr1	MACField	'00:00:00:00:00:00'
addr2	MACField (Cond)	'00:00:00:00:00:00'
addr3	MACField (Cond)	'00:00:00:00:00:00'
SC	LEShortField (Cond)	0
addr4	MACField (Cond)	'00:00:00:00:00:00'

guess_payload_class(payload)

mysummary()

payload_guess

Possible sublayers: Dot11ATIM, Dot11Ack, Dot11AssoReq, Dot11AssoResp, Dot11Auth, Dot11Beacon, Dot11Deauth, Dot11Disas, Dot11ProbeReq, Dot11ProbeResp, Dot11ReassoReq, Dot11ReassoResp, LLC

unwep(key=None, warn=1)

class scapy.layers.dot11.Dot11ATIM

Bases: scapy.packet.Packet

aliastypes

class scapy.layers.dot11.Dot11Ack

Bases: scapy.packet.Packet

aliastypes

class scapy.layers.dot11.Dot11AssoReq

Bases: scapy.packet.Packet

aliastypes

fields_desc

Dot11AssoReq fields

cap	FlagsField (16 bits)	<Flag 0 ()>
listen_interval	LEShortField	200

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11AssoResp

Bases: scapy.packet.Packet

aliastypes

fields_desc

Dot11AssoResp fields

cap	FlagsField (16 bits)	<Flag 0 ()>
status	LEShortField	0
AID	LEShortField	0

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11Auth

Bases: scapy.packet.Packet

aliastypes

answers(other)

fields_desc

Dot11Auth fields

algo	LEShortEnumField	0
seqnum	LEShortField	0
status	LEShortEnumField	0

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11Beacon

Bases: scapy.layers.dot11._Dot11NetStats

aliastypes

fields_desc

Dot11Beacon fields

timestamp	LELongField	0
beacon_interval	LEShortField	100
cap	FlagsField (16 bits)	<Flag 0 ()>

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11CCMP

Bases: scapy.layers.dot11.Dot11Encrypted

aliastypes

fields_desc

Dot11CCMP fields

PN0	ByteField	0
PN1	ByteField	0
res0	ByteField	0
key_id	BitField (2 bits)	0
ext_iv	BitField (1 bit)	0
res1	BitField (5 bits)	0
PN2	ByteField	0
PN3	ByteField	0
PN4	ByteField	0
PN5	ByteField	0
data	StrField	None

payload_guess

Possible sublayers: Raw

class scapy.layers.dot11.Dot11Deauth

Bases: scapy.packet.Packet

aliastypes

fields_desc

Dot11Deauth fields

reason

LEShortEnumField

1

class scapy.layers.dot11.Dot11Disas

Bases: scapy.packet.Packet

aliastypes

fields_desc

Dot11Disas fields

reason

LEShortEnumField

1

class scapy.layers.dot11.Dot11Elt

Bases: scapy.packet.Packet

aliastypes

classmethod dispatch_hook(_pkt=None, *args, **kargs)

fields_desc

Dot11Elt fields

ID	ByteEnumField	0
len	FieldLenField	None
info	StrLenField	b''

getlayer(cls, nb=1, _track=None, _subclass=True, **flt)

haslayer(cls)

info

mysummary()

payload_guess

Possible sublayers: Dot11Elt

post_build(p, pay)

pre_dissect(s)

classmethod register_variant()

registered_ies = {0: <class 'scapy.layers.dot11.Dot11Elt'>, 1: <class 'scapy.layers.dot11.Dot11EltRates'>, 7: <class 'scapy.layers.dot11.Dot11EltCountry'>, 48: <class 'scapy.layers.dot11.Dot11EltRSN'>, 221: <class 'scapy.layers.dot11.Dot11EltVendorSpecific'>}

show_indent = 0

class scapy.layers.dot11.Dot11EltCountry

Bases: scapy.layers.dot11.Dot11Elt

aliastypes

fields_desc

Dot11EltCountry fields

ID	ByteField	7
len	ByteField	None
country_string	StrFixedLenField	b'\x00\x00\x00'
descriptors	PacketListField	[]
pad	ByteField (Cond)	0

class scapy.layers.dot11.Dot11EltCountryConstraintTriplet

Bases: scapy.packet.Packet

aliastypes

extract_padding(s)

fields_desc

Dot11EltCountryConstraintTriplet fields

first_channel_number	ByteField	1
num_channels	ByteField	24
mtp	ByteField	0

class scapy.layers.dot11.Dot11EltMicrosoftWPA

Bases: scapy.layers.dot11.Dot11Elt

aliastypes

fields_desc

Dot11EltMicrosoftWPA fields

ID	ByteField	221
len	ByteField	None
oui	X3BytesField	20722
type	XByteField	1
version	LEShortField	1
group_cipher_suite	PacketField	<RSNCipherSuite  |>
nb_pairwise_cipher_suites	LEFieldLenField	1
pairwise_cipher_suites	PacketListField	[<RSNCipherSuite  |>]
nb_akm_suites	LEFieldLenField	1
akm_suites	PacketListField	[<AKMSuite  |>]

class scapy.layers.dot11.Dot11EltRSN

Bases: scapy.layers.dot11.Dot11Elt

aliastypes

fields_desc

Dot11EltRSN fields

ID	ByteField	48
len	ByteField	None
version	LEShortField	1
group_cipher_suite	PacketField	<RSNCipherSuite  |>
nb_pairwise_cipher_suites	LEFieldLenField	1
pairwise_cipher_suites	PacketListField	[<RSNCipherSuite  |>]
nb_akm_suites	LEFieldLenField	1
akm_suites	PacketListField	[<AKMSuite  |>]
mfp_capable	BitField (1 bit)	0
mfp_required	BitField (1 bit)	0
gtksa_replay_counter	BitField (2 bits)	0
ptksa_replay_counter	BitField (2 bits)	0
no_pairwise	BitField (1 bit)	0
pre_auth	BitField (1 bit)	0
reserved	BitField (8 bits)	0
pmkids	PacketField (Cond)	None

class scapy.layers.dot11.Dot11EltRates

Bases: scapy.layers.dot11.Dot11Elt

aliastypes

fields_desc

Dot11EltRates fields

ID	ByteField	1
len	ByteField	None
rates	FieldListField	[]

class scapy.layers.dot11.Dot11EltVendorSpecific

Bases: scapy.layers.dot11.Dot11Elt

aliastypes

fields_desc

Dot11EltVendorSpecific fields

ID	ByteField	221
len	ByteField	None
oui	X3BytesField	0
info	StrLenField	b''

class scapy.layers.dot11.Dot11Encrypted

Bases: scapy.packet.Packet

aliastypes

classmethod dispatch_hook(_pkt=None, *args, **kargs)

fields_desc

Dot11Encrypted fields

data

StrField

None

class scapy.layers.dot11.Dot11FCS

Bases: scapy.layers.dot11.Dot11

aliastypes

compute_fcs(s)

fields_desc

Dot11FCS fields

subtype	BitField (4 bits)	0
type	BitEnumField (2 bits)	0
proto	BitField (2 bits)	0
FCfield	FlagsField (8 bits)	<Flag 0 ()>
ID	ShortField	0
addr1	MACField	'00:00:00:00:00:00'
addr2	MACField (Cond)	'00:00:00:00:00:00'
addr3	MACField (Cond)	'00:00:00:00:00:00'
SC	LEShortField (Cond)	0
addr4	MACField (Cond)	'00:00:00:00:00:00'
fcs	FCSField	None

match_subclass = True

post_build(p, pay)

class scapy.layers.dot11.Dot11PacketList(res=None, name='Dot11List', stats=None)

Bases: scapy.plist.PacketList

listname

res

stats

toEthernet()

class scapy.layers.dot11.Dot11ProbeReq

Bases: scapy.packet.Packet

aliastypes

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11ProbeResp

Bases: scapy.layers.dot11._Dot11NetStats

aliastypes

fields_desc

Dot11ProbeResp fields

timestamp	LELongField	0
beacon_interval	LEShortField	100
cap	FlagsField (16 bits)	<Flag 0 ()>

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11QoS

Bases: scapy.packet.Packet

aliastypes

fields_desc

Dot11QoS fields

Reserved	BitField (1 bit)	None
Ack_Policy	BitField (2 bits)	None
EOSP	BitField (1 bit)	None
TID	BitField (4 bits)	None
TXOP	ByteField	None

guess_payload_class(payload)

payload_guess

Possible sublayers: LLC

class scapy.layers.dot11.Dot11ReassoReq

Bases: scapy.packet.Packet

aliastypes

fields_desc

Dot11ReassoReq fields

cap	FlagsField (16 bits)	<Flag 0 ()>
listen_interval	LEShortField	200
current_AP	MACField	'00:00:00:00:00:00'

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11ReassoResp

Bases: scapy.layers.dot11.Dot11AssoResp

aliastypes

fields_desc

Dot11ReassoResp fields

cap	FlagsField (16 bits)	<Flag 0 ()>
status	LEShortField	0
AID	LEShortField	0

payload_guess

Possible sublayers: Dot11Elt

class scapy.layers.dot11.Dot11TKIP

Bases: scapy.layers.dot11.Dot11Encrypted

aliastypes

fields_desc

Dot11TKIP fields

TSC1	ByteField	0
WEPSeed	ByteField	0
TSC0	ByteField	0
key_id	BitField (2 bits)	0
ext_iv	BitField (1 bit)	0
res	BitField (5 bits)	0
TSC2	ByteField (Cond)	0
TSC3	ByteField (Cond)	0
TSC4	ByteField (Cond)	0
TSC5	ByteField (Cond)	0
data	StrField	None

payload_guess

Possible sublayers: Raw

class scapy.layers.dot11.Dot11WEP

Bases: scapy.layers.dot11.Dot11Encrypted

aliastypes

build_payload()

decrypt(key=None)

encrypt(**kwargs)

fields_desc

Dot11WEP fields

iv	StrFixedLenField	b'\x00\x00\x00'
keyid	ByteField	0
wepdata	StrField	None
icv	IntField	None

post_build(p, pay)

post_dissect(s)

class scapy.layers.dot11.PMKIDListPacket

Bases: scapy.packet.Packet

aliastypes

extract_padding(s)

fields_desc

PMKIDListPacket fields

nb_pmkids	LEFieldLenField	0
pmkid_list	FieldListField	[]

class scapy.layers.dot11.PrismHeader

Bases: scapy.packet.Packet

iwpriv wlan0 monitor 3

aliastypes

answers(other)

fields_desc

PrismHeader fields

msgcode	LEIntField	68
len	LEIntField	144
dev	StrFixedLenField	b''
hosttime_did	LEIntField	0
hosttime_status	LEShortField	0
hosttime_len	LEShortField	0
hosttime	LEIntField	0
mactime_did	LEIntField	0
mactime_status	LEShortField	0
mactime_len	LEShortField	0
mactime	LEIntField	0
channel_did	LEIntField	0
channel_status	LEShortField	0
channel_len	LEShortField	0
channel	LEIntField	0
rssi_did	LEIntField	0
rssi_status	LEShortField	0
rssi_len	LEShortField	0
rssi	LEIntField	0
sq_did	LEIntField	0
sq_status	LEShortField	0
sq_len	LEShortField	0
sq	LEIntField	0
signal_did	LEIntField	0
signal_status	LEShortField	0
signal_len	LEShortField	0
signal	LESignedIntField	0
noise_did	LEIntField	0
noise_status	LEShortField	0
noise_len	LEShortField	0
noise	LEIntField	0
rate_did	LEIntField	0
rate_status	LEShortField	0
rate_len	LEShortField	0
rate	LEIntField	0
istx_did	LEIntField	0
istx_status	LEShortField	0
istx_len	LEShortField	0
istx	LEIntField	0
frmlen_did	LEIntField	0
frmlen_status	LEShortField	0
frmlen_len	LEShortField	0
frmlen	LEIntField	0

payload_guess

Possible sublayers: Dot11

class scapy.layers.dot11.RSNCipherSuite

Bases: scapy.packet.Packet

aliastypes

extract_padding(s)

fields_desc

RSNCipherSuite fields

oui	X3BytesField	4012
cipher	ByteEnumField	4

class scapy.layers.dot11.RadioTap

Bases: scapy.packet.Packet

aliastypes

deprecated_fields = {'Channel': ('ChannelFrequency', '2.4.3'), 'ChannelFlags2': ('ChannelPlusFlags', '2.4.3'), 'ChannelNumber': ('ChannelPlusNumber', '2.4.3')}

fields_desc

RadioTap fields

version	ByteField	0
pad	ByteField	0
len	LEShortField	None
present	FlagsField (32 bits)	None
Ext	PacketListField (Cond)	[]
mac_timestamp	_RadiotapReversePadField (Cond)	0
Flags	_RadiotapReversePadField (Cond)	None
Rate	_RadiotapReversePadField (Cond)	0
ChannelFrequency	_RadiotapReversePadField (Cond)	0
ChannelFlags	FlagsField (Cond) (16 bits)	None
dBm_AntSignal	_RadiotapReversePadField (Cond)	0
dBm_AntNoise	_RadiotapReversePadField (Cond)	0
Lock_Quality	_RadiotapReversePadField (Cond)	0
Antenna	_RadiotapReversePadField (Cond)	0
RXFlags	_RadiotapReversePadField (Cond)	None
TXFlags	_RadiotapReversePadField (Cond)	None
ChannelPlusFlags	_RadiotapReversePadField (Cond)	None
ChannelPlusFrequency	LEShortField (Cond)	0
ChannelPlusNumber	ByteField (Cond)	0
knownMCS	_RadiotapReversePadField (Cond)	None
Ness_LSB	BitField (Cond) (1 bit)	0
STBC_streams	BitField (Cond) (2 bits)	0
FEC_type	BitEnumField (Cond) (1 bit)	0
HT_format	BitEnumField (Cond) (1 bit)	0
guard_interval	BitEnumField (Cond) (1 bit)	0
MCS_bandwidth	BitEnumField (Cond) (2 bits)	0
MCS_index	ByteField (Cond)	0
A_MPDU_ref	_RadiotapReversePadField (Cond)	0
A_MPDU_flags	FlagsField (Cond) (32 bits)	None
KnownVHT	_RadiotapReversePadField (Cond)	None
PresentVHT	FlagsField (Cond) (8 bits)	None
VHT_bandwidth	ByteEnumField (Cond)	0
mcs_nss	StrFixedLenField (Cond)	0
GroupID	ByteField (Cond)	0
PartialAID	ShortField (Cond)	0
timestamp	_RadiotapReversePadField (Cond)	0
ts_accuracy	LEShortField (Cond)	0
ts_position	ByteField (Cond)	0
ts_flags	ByteField (Cond)	0
he_data1	_RadiotapReversePadField (Cond)	0
he_data2	ShortField (Cond)	0
he_data3	ShortField (Cond)	0
he_data4	ShortField (Cond)	0
he_data5	ShortField (Cond)	0
he_data6	ShortField (Cond)	0
hemu_flags1	_RadiotapReversePadField (Cond)	0
hemu_flags2	LEShortField (Cond)	0
RU_channel1	FieldListField (Cond)	[]
RU_channel2	FieldListField (Cond)	[]
hemuou_per_user_1	_RadiotapReversePadField (Cond)	32767
hemuou_per_user_2	LEShortField (Cond)	63
hemuou_per_user_position	ByteField (Cond)	0
hemuou_per_user_known	FlagsField (Cond) (16 bits)	<Flag 0 ()>
lsig_data1	_RadiotapReversePadField (Cond)	<Flag 0 ()>
lsig_length	BitField (Cond) (12 bits)	0
lsig_rate	BitField (Cond) (4 bits)	0
notdecoded	StrLenField	b''

guess_payload_class(payload)

post_build(p, pay)

post_dissect(s)

class scapy.layers.dot11.RadioTapExtendedPresenceMask(_pkt=None, index=0, **kwargs)

Bases: scapy.packet.Packet

RadioTapExtendedPresenceMask should be instantiated by passing an index= kwarg, stating which place the item has in the list.

Passing index will update the b[x] fields accordingly to the index.

e.g.

>>> a = RadioTapExtendedPresenceMask(present="b0+b12+b29+Ext")
>>> b = RadioTapExtendedPresenceMask(index=1, present="b33+b45+b59+b62")
>>> pkt = RadioTap(present="Ext", Ext=[a, b])

aliastypes

fields_desc

RadioTapExtendedPresenceMask fields

present

FlagsField (32 bits)

None

guess_payload_class(pay)

class scapy.layers.dot11.WiFi_am(**kargs)

Bases: scapy.ansmachine.AnsweringMachine

Before using this, initialize “iffrom” and “ifto” interfaces: iwconfig iffrom mode monitor iwpriv orig_ifto hostapd 1 ifconfig ifto up note: if ifto=wlan0ap then orig_ifto=wlan0 note: ifto and iffrom must be set on the same channel ex: ifconfig eth1 up iwconfig eth1 mode monitor iwconfig eth1 channel 11 iwpriv wlan0 hostapd 1 ifconfig wlan0ap up iwconfig wlan0 channel 11 iwconfig wlan0 essid dontexist iwconfig wlan0 mode managed

filter = None

function_name = 'airpwn'

is_request(pkt)

make_reply(p)

parse_options(iffrom='eth0', ifto='eth0', replace='', pattern='', ignorepattern='')

print_reply(query, *reply)

send_reply(reply)

sniff()